Skip to content

Bugfix: RPC: Check for blank rpcauth on a per-param basis #29141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Bugfix: RPC: Check for blank rpcauth on a per-param basis #29141

wants to merge 3 commits into from

Conversation

luke-jr
Copy link
Member

@luke-jr luke-jr commented Dec 23, 2023

Without this, a blank rpcauth will error if there is a non-blank following it, and a non-blank rpcauth will get ignored if the last one is blank

Includes test updates to detect issues

(It might make sense to support -norpcauth/-rpcauth=0 to disable all defined -rpcauth options, but that isn't currently supported, so out of scope here)

@luke-jr
Bugfix: RPC: Check for blank rpcauth on a per-param basis
d91d022 
Without this, a blank rpcauth will error if there is a non-blank following it, and a non-blank rpcauth will get ignored if the last one is blank
@luke-jr
QA: rpc_users: Test blank rpcauth in combination with non-blank
415734e
@DrahtBot
Copy link
Contributor

DrahtBot commented Dec 23, 2023
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.
A summary of reviews will appear here.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #30401 (fix: increase consistency of rpcauth parsing by tdb3)
  • #29641 (scripted-diff: Use LogInfo/LogDebug over LogPrintf/LogPrint by maflcko)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@luke-jr
Copy link
Member Author

luke-jr commented Dec 23, 2023

I'm not entirely sure what the expected behaviour here is...

@maflcko
Copy link
Member

maflcko commented Feb 22, 2024

I'm not entirely sure what the expected behaviour here is...

Are you still working on this?

Not sure something that is unsupported does need fixing.

@luke-jr
Copy link
Member Author

luke-jr commented Feb 29, 2024

Not sure what more work there is to be done here. The current behaviour is broken

@maflcko
Copy link
Member

maflcko commented Feb 29, 2024
edited
Loading

I can't recall that a blank rpcauth was ever supported, not in the docs, or in the tests, nor in the written code or code comments. Absent of that, changing the behavior and claiming that the previous is a bug and the new behavior is a fix, seems odd. If this was the behavior since the code was written, and someone relied on that, it would be a breaking change for them.

So unless there is a good reason to support per-param blank auths, and discard the previous behavior, I'd say to not change it.

When proposing a change, the burden to motivate and explain the change is on the pull request author. Simply making a change, then stating that you don't know the expected behavior (#29141 (comment)), while claiming your fix is a "bugfix" does not seem consequential to me.

@ryanofsky
Copy link
Contributor

So unless there is a good reason to support per-param blank auths, and discard the previous behavior, I'd say to not change it.

IIUC the "previous" behavior, i.e. the current behavior just doesn't make any sense. I made a similar bugfix in 8701603 from #17493, but it made specifying -rpcauth="" an error instead of an ignored parameter, which I think would be a better thing to do here. You can read 8701603 for a description of the current behavior, it is pretty crazy.

I think this PR (as of 6b79de4) would be an definite improvement it it had two tweaks:

  • It would be great if it dropped the if (rpcauth.empty()) continue; line and treated -rpcauth="" as an error consistently.
  • It would be great if the new python tests were added as a first commit, and the bugfix was added as a second commit, that way it would be a lot more obvious what current behavior is and how the bugfix changes it.

@maflcko
Copy link
Member

maflcko commented Mar 1, 2024

Sure, turning it into an error makes more sense. At least users (in the unlikely case) relying on the previous behavior will be notified. But silently ignoring empty auths doesn't seem desirable, even if it is more "consistent".

@DrahtBot DrahtBot mentioned this pull request Mar 13, 2024
Draft
@maflcko
Copy link
Member

maflcko commented Apr 17, 2024

Are you still working on this?

@DrahtBot DrahtBot marked this pull request as draft April 23, 2024 06:45
@DrahtBot
Copy link
Contributor

Converted to draft due to failing CI and inactivity

@DrahtBot DrahtBot mentioned this pull request Jun 25, 2024
Closed
@tdb3 tdb3 mentioned this pull request Jul 6, 2024
Merged
@fanquake fanquake closed this Jul 6, 2024
@fanquake
Copy link
Member

fanquake commented Jul 6, 2024

See #30401.

achow101 added a commit that referenced this pull request Sep 9, 2024
@achow101
Merge #30401: fix: increase consistency of rpcauth parsing
746f880 
27c976d fix: increase consistency of rpcauth parsing (tdb3)
2ad3689 test: add norpcauth test (tdb3)
67df0de test: blank rpcauth CLI interaction (tdb3)
ecc98cc test: add cases for blank rpcauth (tdb3)

Pull request description:

  The current `rpcauth` parsing behavior is inconsistent and unintuitive (see #29141 (comment) and additional details below).
  The current behavior inconsistently treats empty `rpcauth` as an error (or not) depending on the location within CLI/bitcoin.conf and the location of adjacent valid `rpcauth` params.

  Empty `rpcauth` is now consistently treated as an error and prevents bitcoind from starting.
  Continuation of the upforgrabs PR #29141.

  ### Additional details:
  Current `rpcauth` behavior is nonsensical:

   - If an empty `rpcauth` argument was specified as the last command line argument, it would cause all other `rpcauth` arguments to be ignored.
   - If an empty `rpcauth` argument was specified on the command line followed by any nonempty `rpcauth` argument, it would cause an error.
   - If an empty `rpcauth=` line was specified after non-empty rpcauth line in the config file it would cause an error.
   - If an empty `rpcauth=` line in a config file was first it would cause other rpcauth entries in the config file to be ignored, unless there were `-rpcauth` command line arguments and the last one was nonempty, in which case it would cause an error.

  New behavior is simple:
   - If an empty rpcauth config line or command line argument is used it will cause an error

ACKs for top commit:
  naiyoma:
    Tested ACK  [https://github.com/bitcoin/bitcoin/commit/27c976d11a68d66db97d9a7a30c6a6a71c6ab586](https://github.com/bitcoin/bitcoin/commit/27c976d11a68d66db97d9a7a30c6a6a71c6ab586)
  achow101:
    ACK 27c976d
  ryanofsky:
    Code review ACK 27c976d. Since last review commit message was just tweaked to clarify previous behavior.

Tree-SHA512: af2e9dd60d1ad030409ae2c3805ab139c7435327823d9f8bbeede815f376cb696a5929b08a6e8c8b5f7278ed49cfb231789f9041bd57f1f03ec96501b669da5b
@bitcoin bitcoin locked and limited conversation to collaborators Jul 6, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
CI failed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@luke-jr @DrahtBot @maflcko @ryanofsky @fanquake